LogMan.io Alerts Configuration
LogMan.io Alerts has the following dependencies:
- Apache ZooKeeper
- NGINX (for production deployments)
- Apache Kafka
- MongoDB
- Elasticsearch
- TeskaLabs SeaCat Auth
- LogMan.io Library with /Alerts and /Schemas folders
Model
To start the application, include it in the model and click the Apply button.
define:
  type: rc/model
services:
  lmio-alerts:
    - <node> # Replace with name of the node
Example
This example is the most basic configuration required for LogMan.io Alerts:
[zookeeper]
servers=zookeeper-1:2181,zookeeper-2:2181,zookeeper-3:2181
[library]
providers=zk:///library
[kafka]
bootstrap_servers=kafka-1:9092,kafka-2:9092,kafka-3:9092
[elasticsearch]
url=http://es01:9200/
[asab:storage]
mongodb_uri=mongodb://mongodb1,mongodb2,mongodb3/?replicaSet=rs0
[auth]
multitenancy=yes
public_keys_url=http://localhost:8081/openidconnect/public_keys
[tenants]
tenant_url=http://localhost:8081/tenant
Zookeeper
Specify locations of Zookeeper servers in the cluster.
[zookeeper]
servers=zookeeper-1:2181,zookeeper-2:2181,zookeeper-3:2181
Hint
For non-production deployments, it is sufficient to use a single Zookeeper server.
Library
Specify the path(s) to the Library from which to load workflow declarations and tenant schemas.
[library]
providers=zk:///library
Hint
Since workflows are always located in /Alerts/Workflow, consider using the LogMan.io Common Library.
Hint
Since the ECS.yaml schema in /Schemas is utilized by default, consider using the LogMan.io Common Library.
Kafka
Specify bootstrap servers of the Kafka cluster.
[kafka]
bootstrap_servers=kafka-1:9092,kafka-2:9092,kafka-3:9092
Hint
For non-production deployments, it is sufficient to use a single Kafka server.
Elasticsearch
Specify URLs of Elasticsearch master nodes.
Elasticsearch is used to load events associated with a ticket.
[elasticsearch]
url=http://es01:9200/
username=MYUSERNAME
password=MYPASSWORD
MongoDB
Specify the URL of the MongoDB cluster with replica set.
Tickets are stored in MongoDB.
[asab:storage]
type=mongodb
mongodb_uri=mongodb://mongodb1,mongodb2,mongodb3/?replicaSet=rs0
Auth
The Auth section ensures that users can access only their own assigned tenants to set up alerts.
It supports multitenancy and checks for the resources specified in workflow declarations.
[auth]
multitenancy=yes
public_keys_url=http://localhost:8081/openidconnect/public_keys
Tenant
The Tenants section ensures that the list of available tenants can be read.
[tenants]
tenant_url=http://localhost:8081/tenant
Input
The Alerts microservice contains a Kafka interface that reads incoming signals from a dedicated lmio-signals topic.
The topic name or the group ID can be changed using:
[kafka:signals]
topic=lmio-signals
group_id=lmio-alerts
Note
Changing the input topic is discouraged to avoid unnecessary complications.
Web APIs
Alerts provides one web API.
The web API is designed for communication with the UI.
[web]
listen=0.0.0.0 8953
The default port of the public web API is tcp/8953.
This port is designed to serve as the NGINX upstream for connections from collectors.
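An added example, not part of the LogMan.io documentation: a Python check that parses a configuration with the sections described on this page and reports missing required keys, disabled multitenancy, an Elasticsearch password used with an http:// URL, and a web API bound to all interfaces. The function name, the finding texts and the two policy checks are assumptions of this example, and the sample configuration is constructed.

```python
import configparser

REQUIRED = {  # sections and keys from the basic example on this page
    "zookeeper": ["servers"], "library": ["providers"], "kafka": ["bootstrap_servers"],
    "elasticsearch": ["url"], "asab:storage": ["mongodb_uri"],
    "auth": ["multitenancy", "public_keys_url"], "tenants": ["tenant_url"],
}

def audit_alerts_config(text):
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    findings = []
    for section, keys in REQUIRED.items():
        for key in keys:
            if not cfg.get(section, key, fallback="").strip():
                findings.append(f"missing [{section}] {key}")
    # Multitenancy is what limits users to their own assigned tenants.
    enabled = cfg.get("auth", "multitenancy", fallback="").strip().lower()
    if enabled not in ("yes", "true", "on", "1"):
        findings.append("[auth] multitenancy is not enabled")
    # Assumed policy: a configured password should not travel over plain HTTP.
    es = dict(cfg["elasticsearch"]) if cfg.has_section("elasticsearch") else {}
    if es.get("password") and es.get("url", "").startswith("http://"):
        findings.append("[elasticsearch] password is sent over plain HTTP")
    # Assumed policy: behind NGINX the API need not listen on every interface.
    if cfg.get("web", "listen", fallback="").split()[:1] == ["0.0.0.0"]:
        findings.append("[web] listen binds to all interfaces")
    return findings

# Constructed sample: [tenants] is absent and multitenancy is switched off.
SAMPLE = """[zookeeper]
servers=zookeeper-1:2181
[library]
providers=zk:///library
[kafka]
bootstrap_servers=kafka-1:9092
[elasticsearch]
url=http://es01:9200/
password=MYPASSWORD
[asab:storage]
mongodb_uri=mongodb://mongodb1/?replicaSet=rs0
[auth]
multitenancy=no
public_keys_url=http://localhost:8081/openidconnect/public_keys
[web]
listen=0.0.0.0 8953
"""

if __name__ == "__main__":
    print("\n".join(audit_alerts_config(SAMPLE)))
```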